We finally made it to another new year, and that means it’s time to reflect on the learnings from the previous year while also preparing for many new opportunities and challenges ahead. The enterprise tech and security industry didn’t seem to slow in 2018, so there’s no reason we would expect 2019 to be any different. So what will those “hot button” topics be this year?
To answer that question, we turned to our very own Sumo Logic experts to get their thoughts on what tools, trends and movements will be top of mind as we continue to march toward a future of cloud-based everything. Read on for their 2019 predictions.
Ramin Sayar, president and CEO
DevSecOps will empower organizations to thrive
With the European Union’s General Data Protection Regulation (GDPR) and other privacy regulations coming to life, organizations’ reputations are on the line as the public demand for transparency, security and data privacy roars. Therefore, those that thrive — not just survive — in 2019 will need to transform their operating models to DevSecOps given the shortage of security professionals.
Christian Beedgen, co-founder and CTO
Ethical intelligence >> artificial intelligence
Our fascination with the use of computing power to augment human decision-making has likely outgrown even the tremendous advances made in algorithmic approaches. In reality, the successful use of AI and related techniques is still limited to areas around image recognition and natural language understanding, where input/output scenarios can be reasonably constructed, and that will not change drastically in 2019. The idea that any business can “turn on AI” to become successful or more successful is preposterous, no matter how much data is being collected. But the collection of data to support humans and algorithms continues and raises important ethical questions and is something we need to pay close attention to over the next few years. Data is human and therefore is just as messy as humans. Data does not create objectivity. It is well established that data and algorithms perpetuate existing biases and automated decisions are — at best — difficult to explain and justify. Appealing such decisions is even harder when we fall into the trap of thinking data and algorithms combine to create objective truth. With greater decision-making power comes much greater responsibility, and humans will increasingly be held accountable for the impact of decisions their business makes.
Programming is a distinguishing skill for information workers
Automation continues to be the key to success at scale. Real-time has become too fast for humans to track in the age of big data. Fair or not, we will classify people into two buckets: those who know how to program, and those who don’t. With the rise of cloud service providers, those in IT who don’t know how to program are increasingly finding themselves without tasks and responsibilities. This is the flip side of agile, DevOps and DevSecOps. The need to scale and react in real time requires automation — something programmers know how to do. This is not an elitist vision; successful IT employees do not require Ph.D.s in distributed systems from Stanford –- in fact, the majority of programmers today are self-taught. However, they do need to know how to program in the broadest sense, from traditional software development to shell scripting. As we move toward a world of more automation, programming has become a core skill, even if it happens mostly in Jupyter notebooks, sitting on top of layers of abstractions programmed by others. We used to say developers are the new kingmakers, but in 2019 and beyond it’ll be more accurate to swap the term ‘developers’ out for ‘programmers.’
George Gerchow, CSO
The rise of the chief privacy officer
With the mad sprint to meet the GDPR deadline, this past year was all about the data protection officer (DPO). As a continuation of that effort, 2019 will be focused on moving privacy even further up the chain of command — to the C-suite — making it of utmost focus and priority for organizations that have a vested interest in protecting their user’s data. GDPR and privacy have become the new way of life and so we’re going to see privacy join security for a seat at the table as more and more state and international privacy regulations like the California Consumer Privacy Act and Brazilian General Data Protection Law (LGPD) emerge. Eventually, the two will be so closely intertwined that perhaps we’ll even see titles inclusive of chief security and privacy officer (CSPO) in 2019, and beyond.
Cloud vulnerabilities abound
The biggest vulnerabilities in 2019 will be cloud-based attacks executed on a nasty, stealth scale. Attackers now possess the wherewithal to target any major cloud provider by slipping in under the radar with a small hardware device or chip, and carrying out sophisticated exploits on a massive scale like nothing ever seen before. This is particularly frightening if you imagine how a single attack on just one AWS region could cripple thousands of users and compromise their mission-critical data in a matter of seconds. Tech vendors will also have a target on their back for cloud-based attacks because of the sheer amount of customers they serve daily. As history has repeatedly shown, data is a gold mine for malicious and nation-state actors, and the siege won’t slow down in 2019. Industry cloud giants and security vendors will need to work together to implement a security by design strategy if we want to harden our defenses and prevent another debilitating security debacle from hitting the headlines.
Ben Newton, director, product marketing
Serverless grows, Kubernetes slows
Serverless is going to move into the mainstream, attracting two distinct groups of people: those who need computing beyond what containers can currently provide and those who don’t want the overhead of containerization. We saw this trend begin in 2018, in which AWS Lambda adoption grew from 24 percent in 2017 to 29 percent in 2018. And we expect that number to spike in 2019.
Containerization is near the top of its hype cycle and will soon race down into the proverbial trough of disillusionment. Kubernetes is not enough on its own, but will continue to see steady growth due to its media attention and the number of services that provide managed or native K8s. That said, we can expect to see an inevitable loss of enthusiasm as more organizations trend toward serverless options moving forward.
Colin Fernandes, director, EMEA product marketing
Enterprises will want more data for decision-making, but the economics must change
For many years, we have seen enterprises gathering more and more data . They put it into the cloud or into data lakes, and then find it difficult to use or get any value from. These installations are potentially useful, but 2019 will be the year when they have to prove that they can provide business value.
There are a couple of hurdles here. The first is that as data becomes more ubiquitous, the proliferation of computational power and network connectivity creates a code execution on every device in our modern world. Digital businesses rely on this data generated by their applications to deliver the best products and services to customers. However, more data means more challenges with collecting, storing and analyzing it in a cost-effective way. Current one-size-fits-all licensing models for machine data storage create a data tax for many organizations. To address this issue, we need to change the economics of data storage and analytics, and offer models that give customers maximum flexibility to align their data and analytics consumption with their individual use cases while also keeping costs lower for storing large data sets.
Secondly, all of this data being collected across from various sources can benefit more than the IT department That opens the door for cross-functional teams to learn from each other’s data applications and adopt those same approaches across the business for unified success. It means that areas like machine data analytics grow in importance over time, as they can be specifically applied to solve problems. Iterating like this really helps analytics teams to prove their value.
Security analytics and automation will go from “in love” to “it’s complicated”
AI is getting a lot of hype. Every story around AI seems to be festooned with doomsday images, but AI as a technology still has a long way to go.
For IT security teams, there’s a lot of noise around how AI will become embedded into security solutions. It’s true that automating more of the data investigation side will really help. However, that is not true AI, at least not yet.
Like all relationships, the links between humans, machines and security will get more complicated. The sheer volume of data available from IT assets – cloud, servers, networks, et cetera – is vast, and making sense of it requires context. Automation and machine learning tools will help strengthen security because they can cut out the “human element” of having to investigate, prioritize and correlate security alerts and events at scale.
Using analytics, systems can help determine which ones are critical and should be investigated further. What could take hours for a human, can take seconds for a machine, and then once the alert is identified, the human comes in with the necessary context to understand what, how why things went wrong and how to resolve the issue moving forward. This is where humans can come in and apply the mix of experience and intuition that is unique to us.
Normally, AI stories tend to attract rumors of job losses or replacements of roles. Now, some areas of the economy might see this – for example, we don’t have people working en masse in telecoms exchanges today. However, there are two reasons why this won’t affect the IT security sector as much, if at all.
Firstly, there is such a dearth of skilled professionals in the IT security space that there are more roles than there are people to fill them. Secondly, while using ML-driven analytics is good at matching known patterns and spotting outliers, it is not as good at explaining why those outliers are risky or not. That requires experience with investigating the unknown, which AI is not currently capable of.